Outbound Passwords in Java

11.2 Outbound Passwords
password can still be changed by modifying a configuration file, but the configuration file doesn't contain enough information to jeopardize the password. Even if it is not possible to make the key file inaccessible to application administrators, encrypting the password provides protection against casual attackers. A clear-text password in a configuration file is a temptation that an otherwise upstanding person might not be able to pass up. Making the password harder to recover helps keep honest people honest.

Java makes cryptography relatively easy, but the JavaDoc for the core cryptography classes does not make performing simple tasks as easy as one might hope. To demonstrate that it is not hard to store your passwords in a secure way, Example 11.4 shows source code for a stand-alone utility that encrypts and decrypts passwords using a secret key.
Example 11.4 A utility that encrypts and decrypts passwords using a secret key.
import javax.crypto.*;
import java.security.*;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.Reader;
import java.io.IOException;
public class PasswordProtector {
    final static String CIPHER_NAME = "AES";
    final static Reader in = new BufferedReader(
        new InputStreamReader(System.in));

    /*
     * This utility has three modes:
     * 1) Generate a new key:
     *      PasswordProtector new
     *    Generates a new key and prints it to stdout. You can
     *    use this key in subsequent operations.
     * 2) Encrypt a password:
     *      PasswordProtector encrypt <key> <password>
     *    Encrypts the password and prints the results to stdout.
     * 3) Decrypt a password:
     *      PasswordProtector decrypt <key> <encrypted password>
     *    Decrypts a password and prints it to stdout.
     *
     * This code makes use of the open source Base64
     * library (http://iharder.sourceforge.net/base64/)
     */
    public static void main(String[] args) throws Exception {
        // With no command given, fall through to the usage message
        String cmd = (args.length > 0) ? args[0] : "";
        String out = "commands are 'new', 'encrypt' and 'decrypt'";
11 Privacy and Secrets
        Key k;
        if ("new".equals(cmd)) {
            out = StringFromKey(makeKey());
        } else if ("encrypt".equals(cmd)) {
            k = keyFromString(getString("Enter key"));
            String pswd = getString("Enter password");
            out = encryptPassword(k, pswd);
        } else if ("decrypt".equals(cmd)) {
            k = keyFromString(getString("Enter key"));
            String enc = getString("Enter encrypted password");
            out = decryptPassword(k, enc);
        }
        System.out.println(out);
    }

    /* prompt on stdout and read one line from stdin */
    private static String getString(String msg) throws IOException {
        System.out.print(msg + ": ");
        // Read through the shared reader; wrapping it in a new BufferedReader
        // on every call can swallow the next line when input is piped.
        return ((BufferedReader) in).readLine();
    }

    /* generate a brand new key */
    private static Key makeKey() throws Exception {
        KeyGenerator keyGen = KeyGenerator.getInstance(CIPHER_NAME);
        SecureRandom sr = new SecureRandom();
        keyGen.init(sr);
        return keyGen.generateKey();
    }

    /* rebuild a key from its Base64-encoded serialized form */
    private static Key keyFromString(String ks) {
        return (Key) Base64.decodeToObject(ks);
    }

    /* serialize a key and Base64 encode it on a single line */
    private static String StringFromKey(Key k) {
        return Base64.encodeObject(k, Base64.DONT_BREAK_LINES);
    }

    /* encrypt the given password with the key.
       Base64 encode the ciphertext */
    private static String encryptPassword(Key k, String passwd)
            throws Exception {
        Cipher c = Cipher.getInstance(CIPHER_NAME);
        c.init(Cipher.ENCRYPT_MODE, k);
        byte[] bytes = c.doFinal(passwd.getBytes());
        return Base64.encodeObject(bytes);
    }

    /* decrypt an encrypted password
       (assumes ciphertext is base64 encoded) */
    private static String decryptPassword(Key k, String encrypted)
            throws Exception {
        byte[] encryptedBytes;
        encryptedBytes = (byte[]) Base64.decodeToObject(encrypted);
        Cipher c = Cipher.getInstance(CIPHER_NAME);
        c.init(Cipher.DECRYPT_MODE, k);
        return new String(c.doFinal(encryptedBytes));
    }
}
This solution might seem excessively complex to people who are used to being able to define every aspect of the way their software is written, deployed, and run. Why not just store the password in a file that is accessible only by the application and a tightly limited number of administrators? In an organization where the programmers do not get to oversee the installation and configuration of their code, this system affords the software a means to defend itself rather than relying on good administrative practices.
Static Analysis: Look for Bad Password Management
Consider the following entry from a Web application's web.xml configuration file:
<init-param>
  <param-name>dbpwd</param-name>
  <param-value>5C2A3868</param-value>
</init-param>
Based on the parameter name, you might guess that the value contains a database password. But how can you tell whether the value is encrypted? What if the value itself were stored in a database instead of in the code? It's very difficult to accurately identify poor password management by looking for passwords stored outside the program because an obfuscated value is not necessarily encrypted, and external datastores might not lend themselves to being audited. Instead, use static analysis to identify passwords that are stored in the clear by identifying where they are read and used in source code. The following code reads the password from the previous configuration entry and uses it to open a database connection:
pwd = servletconfig.getInitParameter("dbpwd");
conn = DriverManager.getConnection(URL, USR, pwd);
Because the password is not decrypted before it is used, you can conclude that it was not encrypted in the configuration file. To use a static analysis tool to make the same conclusion, taint values that are read from persistent storage locations, add taint flags to values that are decrypted, and check for the presence of those taint flags on values that are used to specify passwords. If a tainted value that is not tagged as decrypted is used as a password, you know that the program does not always expect an encrypted password.
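The taint-flag rule described above can be shown with a small checker over a list of call statements. This is an added example, not a rule from any real analysis tool: the rule tables, the Call record and both sample programs are constructed for illustration, and the code needs Java 16 or later for records.

```java
import java.util.*;

// Added illustration of the taint-flag rule; all names here are hypothetical.
public class PasswordTaintCheck {
    enum Flag { PERSISTENT, DECRYPTED }

    // One statement of the form: target = callee(args...)
    record Call(String target, String callee, List<String> args) {}

    // Assumed rule tables: taint sources, decryption routines, and password
    // sinks (callee -> index of the argument that carries the password).
    static final Set<String> SOURCES =
        Set.of("ServletConfig.getInitParameter", "Properties.getProperty");
    static final Set<String> DECRYPTORS = Set.of("PasswordProtector.decryptPassword");
    static final Map<String, Integer> PASSWORD_SINKS = Map.of("DriverManager.getConnection", 2);

    static List<String> check(List<Call> program) {
        Map<String, EnumSet<Flag>> flags = new HashMap<>();
        List<String> findings = new ArrayList<>();
        for (Call c : program) {
            // Sink check: a stored value used as a password without the DECRYPTED flag
            Integer idx = PASSWORD_SINKS.get(c.callee());
            if (idx != null && idx < c.args().size()) {
                String var = c.args().get(idx);
                EnumSet<Flag> f = flags.getOrDefault(var, EnumSet.noneOf(Flag.class));
                if (f.contains(Flag.PERSISTENT) && !f.contains(Flag.DECRYPTED))
                    findings.add(c.callee() + ": '" + var
                        + "' comes from persistent storage and is never decrypted");
            }
            // Propagation: the result carries the flags of every argument,
            // plus any flag the callee itself contributes.
            EnumSet<Flag> out = EnumSet.noneOf(Flag.class);
            for (String a : c.args())
                out.addAll(flags.getOrDefault(a, EnumSet.noneOf(Flag.class)));
            if (SOURCES.contains(c.callee())) out.add(Flag.PERSISTENT);
            if (DECRYPTORS.contains(c.callee())) out.add(Flag.DECRYPTED);
            flags.put(c.target(), out);
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed model of the two statements shown in the text
        List<Call> clearText = List.of(
            new Call("pwd", "ServletConfig.getInitParameter", List.of("\"dbpwd\"")),
            new Call("conn", "DriverManager.getConnection", List.of("URL", "USR", "pwd")));
        // Constructed variant that decrypts the stored value before use
        List<Call> decrypted = List.of(
            new Call("enc", "ServletConfig.getInitParameter", List.of("\"dbpwd\"")),
            new Call("pwd", "PasswordProtector.decryptPassword", List.of("key", "enc")),
            new Call("conn", "DriverManager.getConnection", List.of("URL", "USR", "pwd")));
        System.out.println("clear-text config: " + check(clearText));
        System.out.println("decrypted config:  " + check(decrypted));
    }
}
```

The first program produces one finding at the getConnection call; the second produces none because the value reaching the sink carries the DECRYPTED flag.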